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Digital Video Conten t Transmission Ciphering And Deciphering 

Method And Apparatus 

BACKGROUND OF THE INVENTION 
5 

1. Field of the Invention 

The present invention relates to the field of content protection. More 
specifically, the present invention addresses the provision of protection to digital 
video content to facilitate their secure transmission from a video source device to a 
10 video sink device. 

2. Background Information 

In general, entertainment, education, art, and so forth (hereinafter collectively 
referred to as “content”) packaged in digital form offer higher audio and video quality 
15 than their analog counterparts. However, content producers, especially those in the 
entertainment industry, are still reluctant in totally embracing the digital form. The 
primary reason being digital contents are particularly vulnerable to pirating. As 
unlike the analog form, where some amount quality degradation generally occurs 
with each copying, a pirated copy of digital content is virtually as good as the “gold 
20 master”. As a result, much efforts have been spent by the industry in developing 
and adopting techniques to provide protection to the distribution and rendering of 
digital content. 

Historically, the communication interface between a video source device 
(such as a personal computer) and a video sink device (such as a monitor) is an 
25 analog interface. Thus, very little focus has been given to providing protection for 
the transmission between the source and sink devices. With advances in integrated 
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circuit and other related technologies, a new type of digital interface between video 
source and sink devices is emerging. The availability of this type of new digital 
interface presents yet another new challenge to protecting digital video content. 
While in general, there is a large body of cipher technology known, the operating 
characteristics such as the volume of the data, its streaming nature, the bit rate and 
so forth, as well as the location of intelligence, typically in the source device and not 
the sink device, present a unique set of challenges, requiring a new and novel 
solution. 
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SUMMARY OF THE INVENTION 

A session key is generated by a video source device for each transmission 
session wherein a multi-frame video content is to be transmitted to a video sink 
5 device. The video source device in turn uses at least the session key to generate a 
successive number of frame keys to facilitate ciphering of corresponding frames of 
the multi-frame video content for transmission to the video sink device. 
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BRIEF DESCRIPTION OF DRAWINGS 

The present invention will be described byway of exemplary embodiments, 
but not limitations, illustrated in the accompanying drawings in which like references 
5 denote similar elements, and in which: 

Figure 1 illustrates an overview of the present invention in accordance with 
one embodiment; 

Figure 2 illustrates a symmetric ciphering/deciphering process based method 
for providing video content from a source device to a sink device, in accordance with 
10 one embodiment; 

Figures 3a-3b illustrate the symmetric ciphering/deciphering process of Fig. 
2, in accordance with one embodiment; 

Figure 4 illustrates video source and sink devices of Fig. 1 in further detail, in 
accordance with one embodiment; 

15 Figure 5 illustrates the combined block/stream cipher of Fig. 4 in further 

detail, in accordance with one embodiment; 

Figure 6 illustrates the block key section of Fig. 5 in further detail, in 
accordance with one embodiment; 

Figure 7 illustrates the block data section of Fig. 5 in further detail, in 
20 accordance with one embodiment; and 

Figures 8a-8c illustrate the stream data section of Fig. 5 in further detail, in 
accordance with one embodiment. 
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DETAILED DESCRIPTION OF THE INVENTION 

In the following description, various aspects of the present invention will be 
described, and various details will be set forth in order to provide a thorough 
5 understanding of the present invention. However, it will be apparent to those skilled 
in the art that the present invention may be practiced with only some or all aspects of 
the present invention, and the present invention may be practiced without the specific 
details. In other instances, well known features are omitted or simplified in order not 
to obscure the present invention. 

10 Various operations will be described as multiple discrete steps performed in 

turn in a manner that is most helpful in understanding the present invention. 

However, the order of description should not be construed as to imply that these 
operations are necessarily performed in the order they are presented, or even order 
dependent. Lastly, repeated usage of the phrase “in one embodiment” does not 
1 5 necessarily refer to the same embodiment, although it may. 

Referring now to Figure 1, wherein a block diagram illustrating an overview 
of the present invention, in accordance with one embodiment is shown. As 
illustrated, video source device 102 and video sink device 104 are coupled to each 
20 other by digital video link 106 . Video source device 102 provides video content to 
video sink device 104 through digital video link 106 . In accordance with the present 
invention, video source device 102 and video sink device 104 are equipped to be 
able to jointly practice a symmetric ciphering/deciphering process. As a result, video 
content may be provided in a more robust ciphered digital form from video source 
25 device 102 to video sink device 104 through video link 106 , making it more difficult 
to pirate video content during transmission. 
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Except for the teachings of the present invention incorporated, to be 
described more fully below, video source device 102 and video sink device 104 are 
both intended to represent a broad range of such devices known in the art. 

Examples of video source devices include but not limited to computers of all sizes 
5 (from palm size device to desktop device, and beyond), set-up boxes, or DVD 
players, whereas examples of video sink devices include but not limited to CRT 
monitors, flat panel displays or television sets. Digital video link 106 may be 
implemented in any one of a number of mechanical and electrical forms, as long as 
they are consistent with the operating requirement (i.e. speed, bit rate and so forth), 
10 and a mechanism (which may be in hardware or through protocol) is provided to 
allow control information to be exchanged between video source and sink devices 
102 and 104 (hereinafter, simply source and sink devices respectively). 

Figure 2 illustrates an overview of the symmetric ciphering/deciphering 
15 process based method for providing video content from a source device to a sink 
device, in accordance with one embodiment. In this embodiment, source and sink 
devices 102 and 104 are assumed to have each been provided with an array of 
private keys and a complementary identifier by a certification authority. As 
illustrated, upon power on or reset, source device 102 first provides a basis value to 
20 the symmetric ciphering/deciphering process to sink device 104 (block 202). For the 
illustrated embodiment, the basis value is a random number (An). An may be 
generated in any one of a number of techniques known in the art. Additionally, 
source device 102 also provides its identifier (Ak) to sink device 104 (block 202). In 
response, sink device 104 replies with its identifier (Bk) (block 203). Upon 
25 exchanging the above information, source and sink devices 102 and 104 

independently generate their respective copies of an authentication key (Km) using 
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Ak and Bk (block 204 and 205). For the illustrated embodiment, source device 102 
generates its copy of Km by summing private keys of its provided array indexed by 
Bk, while sink device 104 generates its copy of Km by summing private keys of its 
provided array indexed by Ak. At this time, if both source and sink devices 102 and 
5 104 are authorized devices, they both possess and share a common secret 

authentication key Km. 

In one embodiment, each of source and sink devices 102 and 104 is pre- 
provided with an array of 40 56-bit private keys by the certification authority. An is a 
64-bit random number, and Km is 56-bit long. For more information on the above 
10 described authentication process, see co-pending U.S. Patent Application, serial 
number 09/275,722, filed on March 24, 1999, entitled Method and Apparatus for the 
Generation of Cryptographic Keys, having common inventorship as well as assignee 
with the present application. 

Having authenticated sink device 104, source device 102 ciphers video 
15 content into a ciphered form before transmitting the video content to sink device 
104. Source device 102 ciphers the video content employing a symmetric 
ciphering/deciphering process, and using the random number (An) as well as the 
independently generated authentication key (Km) (block 206). Upon receipt of the 
video content in ciphered form, sink device 104 deciphers the ciphered video 
20 content employing the same symmetric ciphering/deciphering processing, and using 
the provided An as well as its independently generated copy of Km (block 207). 

In accordance with the present invention, as an integral part of ciphering 
video content, source device 102 derives a set of verification reference values in a 
predetermined manner (block 208). Likewise, as an integral part of symmetrically 
25 deciphering video content sink device 104 also derives a set of verification values in 
a predetermined manner, and transmits these derived verification values to source 
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device 102 (block 209). Upon receiving each of these verification values, source 
device 102 compares the received verification value to the corresponding one of the 
verification reference value to determine and confirm that indeed the ciphered video 
content is being properly deciphered by sink device 104 (block 210). 

5 For the illustrated embodiment, both source and sink devices 102 and 104 

generate the verification reference and verification values continuously, but the 
verification values are provided from sink device 104 to source device 102 
periodically at predetermined intervals. 

In one embodiment, the verification reference and verification values are all 
10 64-bit in length, and sink device 104 provides source device 102 with verification 
values at initialization and every 64 th frames thereafter. 

Figures 3a-3b illustrate the symmetric ciphering/deciphering process in 
further detail, in accordance with one embodiment. In this embodiment, the video 
15 content is assumed to be a multi-frame video content with each frame having 

multiple lines of video content. In between two lines of a frame is an interval to allow 
a sink device to horizontally “retrace" itself, commonly known as the horizontal 
retrace interval or horizontal blanking interval (HB I ). Likewise, in between two 
frames is an interval to allow a sink device to vertically “retrace" itself, commonly 
20 known as the vertical retrace interval or vertical blanking interval (VBI). 

Source device 102 first generates a session key (Ks) for the transmission 
session (block 302). For the illustrated embodiment, Ks is generated by block 
ciphering the above mentioned random number Ah using the authentication key Km 
as the block cipher key and applying Cl clocks. The duration of a transmission 
25 session is application dependent. Typically, it corresponds to a natural demarcation 
of the video content, e.g. the transmission of a single movie may constitute a 
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transmission session, or the transmission of an episode of a sitcom may constitute a 
transmission session instead. 

Upon generating the session key Ks, source device 102 generates an initial 
version of a second random number (MO) (block 304). For the illustrated 
5 embodiment, source device 102 first generates a pseudo random bit sequence (at 
p-bit per clock) using a stream cipher with the above described random number An 
and the session key Ks (in two roles, as another input random number and as the 
stream cipher key), applying C2 clocks. Source device 102 derives MO from the 
pseudo random bit sequence, as the bit sequence is generated. 

10 Next, source device 102 generates a frame key (Ki) for the next frame (block 

306). For the illustrated embodiment, Ki is generated by block ciphering an 
immediately preceding version of the second random number Mi-1 using the session 
key Ks as the block cipher key, and applying C3 clocks. That is, for the first frame, 
frame-1 , frame key KI is generated by block ciphering the above described initial 
15 version of the second random number M0, using Ks, and applying C3 clocks. 
Additionally, this operation is subsequently repeated at each vertical blanking 
interval for the then next frame, frame-2, frame-3, and so forth. 

Upon generating the frame key Ki, source device 102 generates the current 
version of the second random number (Mi) (block 302). For the illustrated 
20 embodiment, source device 102 first generates a pseudo random bit sequence (at 
p-bit per clock) using a stream cipher with the previous version of the second 
random number Mi-1 and the frame key Ki (in two roles, as another input random 
number and as the stream cipher key), applying C4 clocks. Source device 102 
derives Mi from the pseudo random bit sequence, as the bit sequence is generated. 
25 Upon generating the current version of the second random number Mi, 

source device 102 again generates a pseudo random bit sequence (at p-bit per 

Graunke et al. - Digital Video 9 Express No: EL 414969056 US 

Content Transmission Ciphering ATA/mjt 

& Deciphering M&A 




Attorney Docket Ref: 4239G.P7572 



clock) to cipher the frame (block 308). For the illustrated embodiment, source 
device 102 generates the pseudo random bit sequence using a stream cipher with 
an immediately preceding version of the second random number Mi-1 and frame key 
Ki (in two roles, as another input random number and the stream cipher key), 

5 applying C5 clock cycles. The video content is ciphered by perform an exclusive- 
OR (XOR) operation on the video stream and the pseudo random bit sequence. 

The pseudo random bit sequence is generated preferably at a rate sufficient to 
cipher a pixel of RGB signal per clock. Therefore, C5 is equal to the number of bits 
per pixel multiply by the number of pixels per line, as well as the number of lines per 
10 frame. 

For the illustrated embodiment, a stream cipher that successively transforms 
Mi and Ki in the course of generating the pseudo random bit sequence is employed. 
Additionally, the robustness of the ciphered video content is further strengthened by 
increasing the unpredictability of the pseudo random bit sequence through 
15 successive modification of then current states of Ki at the horizontal blanking 
intervals of the frame (block 310). 

Over in sink device 104, in like manner, it first generates a session key (Ks) 
for the transmission session (block 312). Upon generating the session key Ks, sink 
device 1 04 generates an initial version of the second random number (M0) (block 
20 314). Next, sink device 104 generates the frame key (Ki) and second random 

number (Mi) for the next frame (block 316). This operation is likewise subsequently 
repeated at each vertical blanking interval for the then next frame. In the meantime, 
after generation of each frame key Ki and Mi, sink device 104 generates a 
corresponding pseudo random bit sequence to decipher the frame (block 318). The 
25 ciphered video content is deciphered by performing an excIusive-OR (XOR) 

operation on the video stream and the corresponding pseudo random bit sequence. 
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Sink device 104 also employs a stream cipher that successively transforms Mi and 
Ki in the course of generating the pseudo random bit sequence. Furthermore, Ki is 
successively modified at the horizontal blanking intervals of the frame (block 320). 
Ki, the pseudo random bit sequence, and Mi are symmetrically generated as earlier 
5 described for source device 102. 

In one embodiment, Ks and each Ki are both 84-bit in length. Cl and C3 are 
both 48 clocks in length. Each pixel is 24-bit, and the pseudo random bit sequence 
is generated at 24-bit per clock. Each Mi is 64-bit in length, C3 and C4 are 56 
clocks in length. Each 64-bit Mi is formed by concatenating the “lower” 16-bit 
10 stream cipher output of each of the last four clocks. 

Accordingly, video content may be advantageously transmitted in ciphered 
form with increased robustness from source device 102 to sink device 104 through 
link 106 with reduced pirating risk. 

15 Figure 4 illustrates video source and sink devices of Fig. 1 in further detail, in 

accordance with one embodiment. As shown, video source and sink devices 102 
and 104 include interfaces 108a and 108b disposed at the respective end of link 
106. Each of interfaces 108a and 108b is advantageously provided with cipher 110 
of the present invention and XOR 112 to practice the video content protection 
20 method of the present invention as described above. Additionally, for ease of 

explanation, interface 108a is also shown as having been provided with a separate 
random number generator 114. Except for interfaces 108a and 108b, as stated 
earlier, video source and sink devices 102 and 104 are otherwise intended to 
represent a broad category of these devices known in the art. 

25 Random number generator 114 is used to generate the earlier described 

random number An. Random number generator 114 may be implemented in 
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hardware or software, in any one of a number of techniques known in the art. In 
alternate embodiments, as those skilled in the art will appreciate from the 
description to follow, cipher 110 may also used to generate An, without the 
employment of a separate random number generator. 

5 Cipher 1 1 0 is a novel combined block/stream cipher capable of operating in 

either a block mode of operation or a stream mode of operation. To practice the 
video content protection method of the present invention, cipher 110 is used in block 
mode to generate the above described session key Ks and frame keys Ki, and in 
stream mode to generate the pseudo random bit sequences for the various frames 
10 (and indirectly Mi, as they are derived from the respective bit sequences). 

In source device 102, XOR 112 is used to cipher video content, combining it 
with the pseudo random bit sequences generated by cipher 110 on interface 108a. 
Over in sink device 104, XOR 112 is used to decipher ciphered video content, 
combining it with the pseudo random bit sequences generated by cipher 110 on 
15 interface 108b. 

Figure 5 illustrates the combined block/stream cipher of Fig. 4 in further 
detail, in accordance with one embodiment. As illustrated, combined block/stream 
cipher 110 includes block key section 502, data section 504, stream key section 
20 506, and mapping section 508, coupled to one another. Block key section 502 and 

data section 504 are employed in both the block mode as well as the stream mode 
of operation, whereas stream key section 506 and mapping section 508 are 
employed only in the stream mode of operation. 

Briefly, in block mode, block key section 502 is provided with a block cipher 
25 key, such as the earlier described authentication key Km or the session key Ks; 
whereas data section 504 is provided with the plain text, such as the earlier 
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described random number An or the derived random number Mi-1 . “Rekeying 
enable” signal is set to a “disabled” state, operatively de-coupling block key section 
502 from stream key section 506. During each clock cycle, the block cipher key as 
well as the plain text are transformed. The block cipher key is independently 
5 transformed, whereas transformation of the plain text is dependent on the 

transformation being performed on the block cipher key. After a desired number of 
clock cycles, the provided plain text is transformed into ciphered text. For the earlier 
described video content protection method, when block key section 502 is provided 
with Km and data section 504 is provided with the An, ciphered An is read out and 
10 used as the session key Ks. When block key section 502 is provided with Ks and 
data section 504 is provided with the Mi-1 , ciphered Mi-1 is read out and used as 
the frame key Ki. 

To decipher the ciphered plain text, block key section 502 and data section 
504 are used in like manner as described above to generate the intermediate 
15 “keys”, which are stored away (in storage locations not shown). The stored 

intermediate “keys” are then applied to the ciphered text in reversed order, resulting 
in the deciphering of the ciphered text back into the original plain text. Another 
approach to deciphering the ciphered text will be described after block key section 
502 and data section 504 have been further described in accordance with one 
20 embodiment each, referencing Figs. 6-7. 

In stream mode, stream key section 506 is provided with a stream cipher key, 
such as the earlier described session key Ks or frame key Ki. Block key section 502 
and data section 504 are provided with random numbers, such as the earlier 
described session/frame keys Ks/Ki and the derived random numbers Mi-1 . 

25 “Rekeying enable” signal is set to an “enabled” state, operatively coupling block key 
section 502 to stream key section 506. Periodically, at predetermined intervals. 
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such as the earlier described horizontal blanking intervals, stream key section 506 is 
used to generate one or more data bits to dynamically modify the then current state 
of the random number stored in block data section 502. During each clock cycle, in 
between the predetermined intervals, both random numbers stored in block key 
5 section 502 and data section 504 are transformed. The random number provided to 
block key section 502 is independently transformed, whereas transformation of the 
random number provided to data section 504 is dependent on the transformation 
being performed in block key section 502. Mapping block 506 retrieves a subset 
each, of the newly transformed states of the two random numbers, and reduces 
10 them to generate one bit of the pseudo random bit sequence. Thus, in a desired 
number of clock cycles, a pseudo random bit sequence of a desired length is 
generated. 

For the illustrated embodiment, by virtue of the employment of the “rekeying 
enable” signal, stream key section 506 may be left operating even during the block 
15 mode, as its outputs are effectively discarded by the “rekeying enable” signal (set in 
a “disabled” state). 

Figure 6 illustrates the block key section of Fig. 5 in further detail, in 
accordance with one embodiment. As illustrated, block key section 502 includes 
20 registers 602a-602c, substitution boxes 604, and linear transformation unit 606. In 
block mode, registers 602a-602c are collectively initialized to a block cipher key, 
e.g. authentication key Km or session key Ks. In stream mode, registers 602a-602c 
are collectively initialized to a random number, e.g. session key Ks or frame key Ki. 
Each round, substitution boxes 604 and linear transformation unit 606 modify the 
25 content of registers 602a-602c. More specifically, substitution boxes 604 receive 
the content of register 602a, modify it, and then store the substituted content into 
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register 602c. Similarly, linear transformation unit 606 receives the content of 
registers 602b and 602c, linearly transforms them, and then correspondingly stores 
the linearly transformed content into registers 602a and 602b. 

Substitution boxes 604 and linear transformation unit 606 may be 
5 implemented in a variety of ways in accordance with well known cryptographic 
principles. One specific implementation is given in more detail below after the 
description of Fig. 7. 

Figure 7 illustrates the block data section of Fig. 5 in further detail, in 
accordance with one embodiment. For the illustrated embodiment, data section 504 
10 is similarly constituted as block key section 502, except linear transformation unit 
706 also takes into consideration the content of register 602b, when transforming 
the contents of registers 702b-702c. In block mode, registers 702a-702c are 
collectively initialized with the target plain text, e.g. earlier described random number 
An or derived random number Mi-1 . In stream mode, registers 702a-702c are 
15 collectively initialized with a random number. Each round, substitution boxes 704 
and linear transformation unit 706 modify the content of registers 702a-702c as 
described earlier for block key section 502 except for the differences noted above. 

Again, substitution boxes 604 and linear transformation unit 606 may be 
implemented in a variety of ways in accordance with well known cryptographic 
20 principles. 

In one implementation for the above described embodiment, each register 
602a, 602b, 602c, 702a, 702b, 702c is 28-bit wide. [Whenever registers 602a-602c 
or 702a-702cb collectively initialized with a key value or random number less than 
84 bits, the less than 84-bit number is initialized to the lower order bit positions with 
25 the higher order bit positions zero filled.] Additionally, each set of substitution boxes 
604 or 704 are constituted with seven 4 input by 4 output substitution boxes. Each 
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linear transformation unit 606 or 706 produces 56 output values by combining 
outputs from eight diffusion networks (each producing seven outputs). More 
specifically, the operation of substitution boxes 604/704 and linear transformation 
unit 606/706 are specified by the four tables to follow. For substitution boxes 
604/704, the Ith input to box J is bit l*7+J of register 602a/702a, and output I of box 
J goes to bit l*7+j of register 602c/702c. [Bit 0 is the least significant bit.] For each 
diffusion network (linear transformation unit 606 as well as 706), the inputs are 
generally labeled 10-16 and the outputs are labeled 00-06. The extra inputs for 
each diffusion network of the linear transformation unit 706 is labeled K0-K6. 
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Table I - Substitution performed by each of the seven constituting substitution 



boxes of substitution boxes 604/704. 
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Tables II & III - Diffusion networks for linear transformation unit 606/706 
(continued in Table IV). 
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Table IV - Diffusion networks for linear transformation unit 606/706 (continued 
from Tables II & III). 



Referring now back to Fig. 5, recall that a ciphered text may be 
deciphered by generating the intermediate “keys” and applying them backward. 
Alternatively, for an embodiment where either the inverse of substitution boxes 
604/704 and linear transformation units 606/706 are included or they may be 
10 dynamically reconfigured to operate in an inverse manner, the ciphered text may be 

deciphered as follows. First, the cipher key used to cipher the plain text is loaded 
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into block key section 502, and block key section 502 is advanced by R-1 rounds, 
i.e. one round short of the number of rounds (R) applied to cipher the plain text. 

After the initial R-1 rounds, the ciphered text is loaded into data section 504, and 
both sections, block key section 502 and data section 504, are operated “backward”, 
5 i.e. with substitution boxes 604/704 and linear transformation units 606/706 applying 
the inverse substitutions and linear transformations respectively. 

Figures 8a-8c illustrate the stream key section of Fig. 5 in further detail, in 
accordance with one embodiment. As illustrated in Fig. 8a, stream key section 506 
10 includes a number of linear feedback shift registers (LFSRs) 802 and combiner 

function 804, coupled to each other as shown. LFSRs 802 are collectively initialized 
with a stream cipher key, e.g. earlier described frame key Ki. During operation, the 
stream cipher key is successively shifted through LFSRs 802. Selective outputs are 
taken from LFSRs 802, and combiner function 804 is used to combine the selective 
15 outputs. In stream mode (under which, rekeying is enabled), the combined result is 
used to dynamically modify a then current state of a block cipher key in block key 
section 502. 

For the illustrated embodiment, four LFSRs of different lengths are employed. 
Three sets of outputs are taken from the four LFSRs. The polynomials represented 
20 by the LFSR and the bit positions of the three sets of LFSR outputs are given by the 
table to follows: 
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X 17 + x 15 + x 11 + x 5 + 1 
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X 16 + x 15 + x 12 + X s + x 7 + 
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X 13 + x 11 + x 9 + x 5 + 1 
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Table V - Polynomials of the LFSR and tap positions. 

The combined result is generated from the third set of LFSR outputs, using 
5 the first and second set of LFSR outputs as data and control inputs respectively to 
combiner function 802. The third set of LFSR outputs are combined into a single bit. 
In stream mode (under which, rekeying is enabled), the combined single bit is then 
used to dynamically modify a predetermined bit of a then current state of a block 
cipher key in block key section 502. 

10 Fig. 8b illustrates combiner function 804 in further detail, in accordance with 

one embodiment. As illustrated, combiner function 804 includes shuffle network 806 
and XOR 808a-808b, serially coupled to each other and LFSRs 802 as shown. For 
the illustrated embodiment, shuffle network 806 includes four binary shuffle units 
810a-810d serially coupled to each other, with first and last binary shuffle units 810a 
15 and 81 Od coupled to XOR 808a and 808b respectively. XOR 808a takes the first 
group of LFSR outputs and combined them as a single bit input for shuffle network 
806. Binary shuffle units 810a-810d serially propagate and shuffle the output of 
XOR 808a. The second group of LFSR outputs are used to control the shuffling at 
corresponding ones of binary shuffle units 810a-810d. XOR 808b combines the 
20 third set of LFSR outputs with the output of last binary shuffle unit 81 Od. 
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Fig. 8c illustrates one binary shuffle unit 810* (where * is one of a-d) in 
further detail, in accordance with one embodiment. Each binary shuffle unit 810* 
includes two flip-flops 812a and 812b, and a number of selectors 814a-814c, 
coupled to each other as shown. Flip-flops 812a and 812b are used to store two 
5 state values (A, B). Each selector 814a, 814b or 814c receives a corresponding 
one of the second group of LFSR outputs as its control signal. Selector 814a-814b 
also each receives the output of XOR 808a or an immediately preceding binary 
shuffle unit 810* as input. Selector 814a-814b are coupled to flip-flops 812a-812b to 
output one of the two stored state values and to shuffle as well as modify the stored 
10 values in accordance with the state of the select signal. More specifically, for the 
illustrated embodiment, if the stored state values are (A, B), and the input and select 
values are (D, S), binary shuffle unit 810* outputs A, and stores (B, D) if the value of 
S is “0”. Binary shuffle unit 810* outputs B, and stores (D, A) if the value of S is “1”. 

15 Referring now to back to Figure 5, as illustrated and described earlier, 

mapping function 508 generates the pseudo random bit sequence based on the 
contents of selected registers of block key section 502 and data section 504. In one 
embodiment, where block key section 502 and data section 504 are implemented in 
accordance with the respective embodiments illustrated in Fig. 6-7, mapping 
20 function 508 generates the pseudo random bit sequence at 24-bit per clock based 
on the contents of registers (Ky and Kz) 602b-602c and (By and Bz) 702b-702c. 
More specifically, each of the 24 bits is generated by performing the XOR operation 
on nine terms in accordance with the following formula: 

(B0*K0) © (B1«K1) © (B2*K2) 0 (B3«K3) © (B4*K4) © (B5*K5) © (B6«K6) © 
25 B7 © K7 
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Where “0” represents a logical XOR function, V represents a logical AND 
function, and the input values B and K for the 24 output bits are 
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5 Accordingly, a novel method and apparatus for ciphering and deciphering 

video content to protect the video content from unauthorized copying during 
transmission has been described. 

Epilogue 

10 From the foregoing description, those skilled in the art will recognize that 

many other variations of the present invention are possible. In particular, while the 
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present invention has been described as being implemented in interfaces 108a and 
108b, some of the logic may be distributed in other components of video source and 
sink devices 102 and 104. Additionally, non-LFSR based stream key section, more 
or less block key registers, larger or smaller block key registers, more or less 
substitution units, including alternative substitution patterns, as well as different 
linear transformation units may be employed. Thus, the present invention is not 
limited by the details described, instead, the present invention can be practiced with 
modifications and alterations within the spirit and scope of the appended claims. 
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